package org.stvd.common.security.filter;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.access.SecurityMetadataSource;
import org.springframework.security.access.intercept.AbstractSecurityInterceptor;
import org.springframework.security.access.intercept.InterceptorStatusToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
import org.stvd.common.security.support.UserDetail;
import org.stvd.core.util.DateUtil;
import org.stvd.core.util.StringUtil;
import org.stvd.core.web.IPUtil;

public class SecurityFilter extends AbstractSecurityInterceptor implements Filter {
    
    private Logger logger = LoggerFactory.getLogger(getClass());
    
    // 与applicationContext-security.xml里的myFilter的属性securityMetadataSource对应，
    // 其他的两个组件，已经在AbstractSecurityInterceptor定义
    private FilterInvocationSecurityMetadataSource securityMetadataSource;

    @Override
    public SecurityMetadataSource obtainSecurityMetadataSource() {
        return this.securityMetadataSource;
    }

    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        FilterInvocation fi = new FilterInvocation(request, response, chain);
        invoke(fi);
    }

    private void invoke(FilterInvocation fi) throws IOException, ServletException {
        // object为FilterInvocation对象
        // 1.获取请求资源的权限
        // 执行Collection<ConfigAttribute> attributes =
        // SecurityMetadataSource.getAttributes(object);
        // 2.是否拥有权限
        // 获取安全主体，可以强制转换为UserDetails的实例
        // 1) UserDetails
        // Authentication authenticated = authenticateIfRequired();
        // this.accessDecisionManager.decide(authenticated, object, attributes);
        // 用户拥有的权限
        // 2) GrantedAuthority
        // Collection<GrantedAuthority> authenticated.getAuthorities()
        logger.info(DateUtil.getSystemDateOfString());
        
        InterceptorStatusToken token = null;

        token = super.beforeInvocation(fi);

        UserDetail userDetails = null;
        Authentication authenticated = SecurityContextHolder.getContext().getAuthentication();
        if(authenticated.getPrincipal() instanceof UserDetails){
            userDetails = (UserDetail) authenticated.getPrincipal();
            if(StringUtil.isEmpty(userDetails.getIpAddress())){
                userDetails.setIpAddress(IPUtil.getIpAddr(fi.getRequest()));
            }
        }
        if(userDetails != null){
            logger.info("    Request ip address:"+userDetails.getIpAddress());
        } else {
            logger.info("    Request ip address:"+IPUtil.getIpAddr(fi.getRequest()));
        }
        try {
            fi.getChain().doFilter(fi.getRequest(), fi.getResponse());
        } finally {
            super.afterInvocation(token, null);
        }
    }

    public FilterInvocationSecurityMetadataSource getSecurityMetadataSource() {
        return securityMetadataSource;
    }

    public void setSecurityMetadataSource(FilterInvocationSecurityMetadataSource securityMetadataSource) {
        this.securityMetadataSource = securityMetadataSource;
    }

    @Override
    public Class<? extends Object> getSecureObjectClass() {
        // 下面的MyAccessDecisionManager的supports方面必须放回true,否则会提醒类型错误
        return FilterInvocation.class;
    }

    public void destroy() {
    }

    public void init(FilterConfig arg0) throws ServletException {
    }
}
